Hackers have apparently hijacked potentially thousands of vulnerable MongoDB databases and demanded ransoms for the return of critical data, with some victims paying up, according to security researchers.
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.
The National Governors Association, in a new road map for improving nationwide secure health data exchange, proposes that states attempt to better align their privacy laws to the federal HIPAA Privacy Rule to help remove legal barriers.
The impact of the patient data privacy and security provisions of the 21st Century Cures Act, signed into law Dec. 13, will depend, in part, on who is chosen to study key issues and come up with recommendations, says attorney Steven Teppler.
Federal regulators have issued new guidance to clarify what uses and disclosures of patient information for public health reporting, surveillance and investigations are permitted under HIPAA's privacy regulations.
President Obama is expected on Dec. 13 to sign the 21st Century Cures Act, which the Senate passed on Dec. 7. Among its long list of provisions, the bill lays out a number of privacy and security-related projects for HHS, including imposing fines on those that intentionally block health data information sharing.
The House has easily approved a heavily reworked version of the 21st Century Cures bill that was stripped of controversial proposed changes to HIPAA. The measure, which would provide $6.3 billion for various efforts to advance medical innovation and is backed by the White House, will proceed to the Senate next week.
Rep. Tom Price, R-Ga., a physician chosen by President-elect Trump to head the Department of Health and Human Services, has been an advocate of adding flexibility to the HITECH Act electronic health records program and for repealing Obamacare. But where does he stand on privacy and security issues?
Healthcare entities must perform security due diligence when they consider introducing emerging technologies - including "internet of things" devices - into their environments, says attorney Stephen Wu, author of a new book on HIPAA compliance.
In the 13th HIPAA enforcement action this year, federal regulators have slapped the University of Massachusetts Amherst with a $650,000 financial settlement and corrective action plan after investigating a relatively small 2013 breach involving a malware infection at a campus speech and language center.
Vulnerable firmware has been highlighted again in a range of low-cost Android phones, raising concerns over their security. This latest incident comes 11 months after security analysts first raised flags.
If President-elect Donald Trump fulfills a campaign promise to repeal Obamacare - which could result in the dismantling of HealthCare.gov and state health insurance exchanges - great caution will be needed to protect the data of millions of consumers contained in those systems.
Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
Most - but not all - ransomware attacks against healthcare organizations are reportable breaches requiring notification to affected individuals and federal regulators, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains in this video interview.
An analysis of how the Donald Trump administration will address health IT security and privacy leads the latest edition of the ISMG Security Report. Also, the ramifications of a big breach, and an FBI agent tackles ransomware.